OESA-2023-1838

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1838

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1838.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1838

Upstream

CVE-2023-40546

Published

2023-11-17T11:06:19Z

Modified

2025-08-12T05:22:02.497533Z

Summary

shim security update

Details

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments.

Security Fix(es):

A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirroroneesl of the file mok.c of the component mok. Applying the patch 66e6579dbf921152f647a0c16da1d3b2f40861ca is able to eliminate this problem. The bugfix is ready for download at github.com.(CVE-2023-40546)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP2 / shim

Package

Name: shim
Purl: pkg:rpm/openEuler/shim&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.6-12.oe2203sp2

Ecosystem specific

{
    "aarch64": [
        "shim-15.6-12.oe2203sp2.aarch64.rpm"
    ],
    "noarch": [
        "shim-debugsource-15.6-12.oe2203sp2.noarch.rpm",
        "shim-debuginfo-15.6-12.oe2203sp2.noarch.rpm"
    ],
    "x86_64": [
        "shim-15.6-12.oe2203sp2.x86_64.rpm"
    ],
    "src": [
        "shim-15.6-12.oe2203sp2.src.rpm"
    ]
}